<?php

$db = new MySQL();
$curpass = md5((isset($_POST["txtcurpass"])) ? $_POST["txtcurpass"] : "");
$newpass = md5((isset($_POST["txtnewpass"])) ? $_POST["txtnewpass"] : "");
$confpass = md5((isset($_POST["txtconfpass"])) ? $_POST["txtconfpass"] : "");

$table = "account";
$mod = $_GET['mod'];
$id_ses = $_SESSION['iduserlogin'];

if($confpass != $newpass){
    echo "<script>alert('password does not match!');</script>";
    echo "<script>location='?mod=" . $mod . "&act=edit'</script> ";
}

if ($_POST["form_"] == "edit") {
    $sql = $db->select("select * from $table where id='$id_ses' and password = '$curpass'");
    if ($db->numrows($sql) > 0) {
        $query = "update $table set password = '$newpass' where id = '$id_ses'";
        $sql1 = $db->update($query);
        $db->close();

        echo "<script>alert('The password was changed!');</script>";
        echo "<script>location='?mod=" . $mod . "&act=edit'</script> ";
    } else{
        echo "<script>alert('Currenly password not found!');</script>";
        echo "<script>location='?mod=" . $mod . "&act=edit'</script> ";
    }
}
?>
